k8s-pod-restart-info-collector
Add ability to define containersecuritycontext
Hi,
I run a cluster that has a policy engine on it that forbids insecure pods/containers.
Currently there is a way to define a pod security context, but not a container security context.
Can we add this in please? It just needs to be a new line in the container spec.
This is what I require:
```yaml
podSecurityContext:
  runAsGroup: 2000
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
  seccompProfile:
    type: RuntimeDefault
containerSecurityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop: ["ALL"]
```
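An added example, not part of the original issue or the project's code: a minimal Python audit of the kind a policy engine applies to a pod spec, showing why the pod-level securityContext alone cannot satisfy it. `audit_pod` and the sample specs are hypothetical; the required values are the ones listed in the issue, and treating them as the policy is an assumption.

```python
# Added example: not code from k8s-pod-restart-info-collector or any policy engine.
# Fields valid only in a container's securityContext (no pod-level equivalent).
CONTAINER_ONLY = {
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
}
# Fields a container inherits from the pod securityContext when it sets none.
INHERITABLE = {"runAsNonRoot": True}


def audit_pod(pod_spec):
    """Return a list of 'container: problem' strings; empty means compliant."""
    pod_sc = pod_spec.get("securityContext") or {}
    findings = []
    for c in pod_spec.get("containers", []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "<unnamed>")
        for key, want in CONTAINER_ONLY.items():
            if sc.get(key) is not want:
                findings.append(f"{name}: {key} must be {want}")
        for key, want in INHERITABLE.items():
            # The container value wins; otherwise fall back to the pod value.
            if sc.get(key, pod_sc.get(key)) is not want:
                findings.append(f"{name}: {key} must be {want}")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") != "RuntimeDefault":
            findings.append(f"{name}: seccompProfile.type must be RuntimeDefault")
        dropped = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in dropped:
            findings.append(f"{name}: capabilities.drop must include ALL")
    return findings


# Constructed sample input: the settings from the issue, one hypothetical container.
POD_SC = {"runAsGroup": 2000, "runAsNonRoot": True, "runAsUser": 1000,
          "fsGroup": 2000, "seccompProfile": {"type": "RuntimeDefault"}}
CONTAINER_SC = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
                "seccompProfile": {"type": "RuntimeDefault"},
                "capabilities": {"drop": ["ALL"]}}

pod_only = {"securityContext": POD_SC, "containers": [{"name": "collector"}]}
with_container = {"securityContext": POD_SC,
                  "containers": [{"name": "collector", "securityContext": CONTAINER_SC}]}

if __name__ == "__main__":
    for label, spec in (("pod only", pod_only), ("pod + container", with_container)):
        print(label, audit_pod(spec) or "compliant")
```

With only the pod-level block set, the three container-only settings are still reported as missing, while `runAsNonRoot` and `seccompProfile` are satisfied through inheritance.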